EventID 1202: Security Policies are propagated with warning 0x534

Posted on 2012-09-19
Last Modified: 2012-09-21
My remote users could not login to terminal server anymore, they received an error on the RPC server.

After some digging I found thatL:
Server Management > Advanced Management > Group Policy Management > .... > Group Policy Objects > Small Business Services Auding Policy
Was set to: User Configuration Settings Disabled.
When I switched it to enabled they were able to login again.
I don't know if this setting was changed by someone, or maybe it needs to be on "User Configuration Settings Disabled".
By changing it to enabled did I compromise security? What could have caused this to happen in the first place?

I realize more information is needed to diagnose, just let me know what is needed and I will post. Thanks!
Question by:dutch7773
    LVL 74

    Accepted Solution

    Your "fix" is interesting, because it probably does prevent the error which was blocking user logons... however it is probably the wrong way to fix this problem.  User settings are supposed to be disabled by default... (and there aren't any settings under User Settings by default).

    Since you didn't say which version of SBS you have, I'm assuming that its SBS 2003 since that GPO went away in later versions.

    Please look at the GPO's Scope Tab and Delegation Tab and make sure that there aren't any accounts listed which only show a SID (ie, the account was removed or disabled).  If there are any of those listed, remove them from the GPO's settings.

    To answer your basic question, modifying this GPO does not at all compromise security of your network, and in fact, you could actually disable the GPO entirely.

    The GPO merely collects data which is used in SBS 2003's monitoring reports.

    LVL 1

    Author Comment

    Thank you for your answer. Meanwhile I found a username that was misspelled and I removed it. The strange thing is that this user name was added by the previous management company so it must have been there for a quite a while (over a year) and never did any harm. So why did SBS2003 all of a sudden stumble over this misspelled username now? Strange deal.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
    Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…

    730 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now